What Is a Firewall?

classified documents. The criteria for determining how a governmental computer should be protected were detailed in the fabled Orange Book. It stated that to secure highly sensitive data, one must never connect the computer to an exterior network. This is of course the best firewall strategy that exists, but it is too restrictive to be practical. We know the value of interconnection like the rest of you; we just want you to realize that the best firewall for extremely sensitive materials is to isolate them on a computer without a network connection at all.

Firewalls usually serve two main functions for a network administrator. The first is to control which machines an outsider can see and the services on those machines with which he can converse. The second controls what machines on the Internet an internal user can see, as well as what services he can use. A firewall is much like a traffic cop, organizing which paths network traffic can take, and stopping some altogether. Internet firewalls usually do this by inspecting every packet that traverses the gateway router, which is why they are usually referred to as packet filtration systems.

Watch out for possible circumvention techniques. The best firewall in the world won't do you a bit of good if there is some backdoor or circumnavigational route the attacker can take. Take care to protect the remote access systems, such as PPP, SLIP, and ARA servers, that allow users to dial directly into your private network. Remember that hackers will try to take these avenues into your site if you allow them. By avoiding the gateway firewall and all of your cleverly erected traps and pitfalls, a system cracker has only to dial in with a compromised account to gain access to services against which your exterior gateway firewall can't protect. Remember that your firewall is only as strong as its weakest point. No one security package is a comprehensive solution for all of the services your network provides. It is important to conduct an ongoing audit of your access policies and police your site regularly, in concert with researching vulnerabilities as they are discovered.

For this chapter, we will use our large branch network as an example. We will further assume that we have a Cisco 2500 series router and 40 workstations. Of the 40 computers, three are servers: one FTP server, one mail server, and one web server. We have a full class C address, 2.48.29.0/24, allocated to us from the NIC (Network Information Center); we will be presenting examples throughout this section on how to set up different firewall topologies using our 40 machines and the network provided earlier. Figure 2-1 illustrates what the firewall will be doing in a basic sense for both our large branch and our main corporate network at the top.

Figure 2-1. A typical firewall

2.1.2 What Types of Firewalls Are There?

Since almost all firewalling techniques are designed around a similar model, a centralized point of control, there are only a few variations at the top level that need to be explored. You are probably already familiar with the packet filtration firewall; most people are these days, given the recent attention paid to it by the news media. In this section we will discuss the operation and configuration of four architectures of firewall design. There are many variations of the four that you may have seen implemented, and certainly we are omitting several of the most complex and advanced architectures. But we hope to familiarize you with what a firewall is, how it works, how to set one up, and, most relevant to this book, how it fits into the world of the virtual private network.

2.1.2.1 Packet restriction or packet filtering routers

Routers and computers that conduct packet filtration choose to send traffic to a network based on a predefined table of rules. The router does not make decisions based on what's inside the packet's payload, but rather on where it is coming from and where it is destined. It only considers that if the packet matches a set of parameters, it should take appropriate action to either allow or deny the transit. These allow and deny tables are set up to conform to the overall network security policies put in place by the network administrator or security coordinator.

A peek into the operation of a packet filter shows us that the router never even looks at any of the packet's payload, but only at the TCP/IP header information, to make its screening decisions. Thus, as shown in Figure 2-2, if a router were asked to allow all traffic from network 1.34.21.0/24, it would check all packets for a matching source address and pass them across. Should a packet be received from another network, the filter would disallow the transit, and the packet would be thrown away. So, in essence, this is how the entire operation of this firewall affords security to the site.

Figure 2-2. A packet filtration router filter

Packet filtering can take on two basic forms. First is an open network with selective filtering of unwanted traffic. For each type of network attack, an appropriate filter must be put in place on the router. Second is the closed network with selective filtering of desired traffic. Although affording greater security, even against those attacks that haven't been thought of yet, the drawback for the network administrator is having to update the firewall as new computers or services are added or changed.

As you can guess, a packet filter suffers from several inadequacies. First off, there's no way to do user authentication; either a peer pair is allowed, or it's not. For example, either machine 1.34.21.44 can pass mail traffic (ports 25 and 110) to the mail server on our large network, 2.48.29.4, or it can't. There's no provision for who is trying to send the mail. Shouldn't it be possible for Bob, one of our employees who is visiting the ZZZ Cyber Coffee Shop (the owners of network 1.34.21.44), to check his email and have a coffee?
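To make the two filtering forms and the authentication gap concrete, here is a small packet-filter simulator. It is an added example written for this text, not code from the book or from any router vendor. It uses the chapter's addresses (our class C 2.48.29.0/24, the mail server 2.48.29.4, the coffee shop network 1.34.21.0/24 and its host 1.34.21.44); the web server address 2.48.29.3, the telnet deny rule in the open-network table, and the packet format are assumptions made for the example. As the chapter says, only header fields are consulted: the filter never reads the payload, and it has no field at all from which to learn that the person behind 1.34.21.44 is Bob.

```python
# Added example (not from the book): a toy packet filter that decides from
# header fields only, the way the chapter describes a filtering router.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set

ANY = "0.0.0.0/0"


@dataclass
class Rule:
    action: str                        # "allow" or "deny"
    src: str                           # source network, CIDR notation
    dst: str                           # destination network, CIDR notation
    proto: Optional[str] = None        # "tcp", "udp", or None for any protocol
    dports: Optional[Set[int]] = None  # destination ports, None for any port

    def matches(self, pkt: dict) -> bool:
        # Only the header is inspected; pkt["payload"] and pkt["user"] are never read.
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto and pkt["proto"] != self.proto:
            return False
        if self.dports is not None and pkt.get("dport") not in self.dports:
            return False
        return True


class PacketFilter:
    """First matching rule wins; the default policy decides everything else."""

    def __init__(self, rules: List[Rule], default: str):
        self.rules = rules
        self.default = default  # "allow" for an open network, "deny" for a closed one

    def decide(self, pkt: dict) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return self.default


# Addresses from the chapter: our class C and the mail server. The web server
# address is an assumption made for this example.
OUR_NET = "2.48.29.0/24"
MAIL_SERVER = "2.48.29.4/32"
WEB_SERVER = "2.48.29.3/32"


def figure_2_2_filter() -> PacketFilter:
    """Figure 2-2: pass every packet whose source is in 1.34.21.0/24, drop the rest."""
    return PacketFilter([Rule("allow", "1.34.21.0/24", ANY)], default="deny")


def open_network_filter() -> PacketFilter:
    """Open network: everything passes except traffic we have specifically
    filtered. One rule per unwanted service; blocking telnet (tcp/23) is a
    constructed example, not a rule from the book."""
    return PacketFilter([Rule("deny", ANY, OUR_NET, "tcp", {23})], default="allow")


def closed_network_filter() -> PacketFilter:
    """Closed network: only explicitly desired services pass. Every new
    server or service needs its own rule here, which is the maintenance cost."""
    return PacketFilter([
        Rule("allow", ANY, MAIL_SERVER, "tcp", {25, 110}),  # SMTP and POP3
        Rule("allow", ANY, WEB_SERVER, "tcp", {80}),
    ], default="deny")


def packet(src, dst, proto="tcp", dport=None, user="unknown") -> dict:
    """Constructed packet. 'user' models who is at the keyboard; no header
    carries it, so the filter cannot base a decision on it."""
    return {"src": src, "dst": dst, "proto": proto, "dport": dport,
            "user": user, "payload": b"..."}


if __name__ == "__main__":
    closed = closed_network_filter()
    bob = packet("1.34.21.44", "2.48.29.4", dport=110, user="bob")
    stranger = packet("1.34.21.44", "2.48.29.4", dport=110, user="stranger")
    # Same peer pair, same ports: the filter gives both the same answer.
    print("bob:", closed.decide(bob), " stranger:", closed.decide(stranger))
```

Run it and both POP3 packets from 1.34.21.44 are allowed; the closed table cannot express "Bob may, anyone else may not" because the peer pair is the only thing it sees. Note also that a new service on the FTP server (say, tcp/22) is dropped by the closed table until an administrator adds a rule, while the open table passes anything nobody has thought to block yet.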